Data Management for Non-Profits - Develop CENTS · NTEN + Idealware report: “A Consumer's Guide...
Transcript of Data Management for Non-Profits - Develop CENTS · NTEN + Idealware report: “A Consumer's Guide...
Data Management for Non-Profits
The Cloud, Security, and Other Useful Things
You Should Know About IT
David White https://developcents.comDevelop CENTS 423-693-4234Founder & CEO @DevelopCENTS
About Me: My History ● B.A in Community Development
from Covenant College
● Americorps intern in Boston (Web Developer & Server Administrator)
● Infrastructure Engineer at Lamp Post Group for 2 years
About Me: Current ● Founder & CEO of Develop
CENTS
– Founded in 2013
– Member of Chamber of Commerce
– Business Affiliate Member of CNP
● Married since 2014
What Comes First?
● Technology for the Mission, not the other way around. Your processes should always come first.
● Your goal: Good stewardship
CRM Software
● What do you need to do?
(Microsoft Excel probably doesn't do the job)
● NTEN + Idealware report: “A Consumer's Guide to Low Cost Donor Management Systems”
CRM Software
● CiviCRM● Salesforce● eTapestry● Raiser's Edge
Introduction to “The Cloud”• Online (or private intranet) services, software, and servers
• Sophisticated, highly available computer network (Sometimes)● If a single server crashes, your app or website still works
• Files backed up in multiple places
Types of Clouds● Public Cloud Services
– Website subscription services– Managed by a 3rd party– Multiple clients use the same service– Website Hosting
● Private Cloud– 2 or more servers setup so that if 1
server crashes, all your programs and data will still be available.
Public Cloud Examples
These websites and applications are only examples of Cloud Services. I'm not necessarily endorsing these products.
The Common Theme? All of these are entirely web-based!
G Suite for Nonprofts
● Free for nonprofits● Can be HIPPA compliant
– You must sign paperwork
● Includes all the Google features you're used to:
Drive, Gmail (for your domain), and more
● Signup at https://www.google.com/nonprofits/
Private Cloud Example
● 2 Offices with a storage device in each office– Secure network between the two offices– Data is replicated (copied) from 1 device to the
other
PrimaryOffice
SecondOffice
Secure Network
Example: Synology NAS
● “NAS” - Network Attached Storage● File server with several
hard drives in a RAID array
PrimaryOffice
SecondOffice
Secure Network
Staying Secure in The Cloud
What is “Security”?
Preserving the integrity, availability, and confidentiality of Information System Resources.
(NIST Handbook: Special Publication 800-12)
Nothing is Secure!“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards – and even then I have my doubts.”
- Dr. Gene Spafford, Purdue University
We published an April Fool’s blog post about guarding your server in a bunker!
Security & The Cloud
Use Encryption–HIPAA requires “Data at Rest” and “Data in Transit” encryption
Security & The Cloud
Data at restFile Encryption (BitLocker, 7-zip, etc...)
Security & The Cloud
Data in Transit•Use Secure Browsing (HTTPS)
•Or use a VPN
How to be Secure
Strong Passwords
What’s a secure password?
• Combination of memorial phrases and numbers–“ILovetheCenter4Nonprofits”
• At least 15 characters & symbols
How to be Secure
Password Management
● Use a password manager–LastPass, Keepass, 1Password are just a few
examples (but be careful! Nothing is secure!)
–Make a (very) secure Master Password – and memorize it
● NEVER use email to share passwords
How to be Secure?
2-Factor Authentication
Authenticating (logging in) to a service via two or more of the different means of authentication:
• What you know (password)• What you possess (token)• What you are (biometrics)• What you do (voice recognition)
Google's 2-Step Verification
If your organization uses Google Apps, login to your account, and visit https://accounts.google.com/b/0/SmsAuthSettings.
Local Data Storage & Backups
● RAID – 2 (or more ) hard drives that mirror each other, so that if 1 fails, the server keeps working– NOT the same thing as a backup
● You should always backup the data on your server– A “sync” is not a backup either!
● Example: Dropbox, Google Drive (not a backup)
Ransomware(1 reason why a “sync” isn’t a backup)
Security Summary(In no particular order)
1. DO make sure your data is stored behind an encrypted (HTTPS) connection or VPN, and if you save locally, use data encryption
2. Keep your server and your Database software up-to-date, & make sure it is backed up (a sync isn’t a backup!)
3. Do not copy your data insecurely (email doesn’t count!)
4. Use a strong password (better yet, use a password manager!)
The End
(Questions & Comments)
David Whitehttps://developcents.com
423-693-4234
Online Resources:
G Suite for Nonprofitshttps://www.google.com/nonprofits/
G Suite – HIPPA Compliancehttps://support.google.com/a/answer/3407054?hl=en
Our Blog:https://developcents.com/blog
The Slides to This Presentationhttps://developcents.com/knowledge-base/#workshops
A Consumer’s Guide to Donor Management Systemshttp://www.idealware.org/reports/consumers-guide-low-cost-donor-management-systems/
Security News Resources
Security on Stack Exchange: http://security.stackexchange.com
Internet Storm Center:https://isc.sans.edu/
US-CERT mailing lists:http://www.us-cert.gov/mailing-lists-and-feeds
Freedom of the Press Foundation:https://freedom.press/training/
Common Vulnerabilities and Exposureshttp://cve.mitre.org/
RFC Database at IETF:http://www.ietf.org/rfc.html
National Vulnerability Database:http://nvd.nist.gov/
National Institute of Standards & Technology (NIST):“Computer Security Handbook”http://csrc.nist.gov/publications/nistpubs/800-12/800-12-html/
Brian Krebs:http://krebsonsecurity.com/@briankrebs